Mott MacDonald Limited

Osprey (UTMC service)

Mott MacDonald’s Osprey is a mature suite of smart mobility and traffic management applications, successfully implemented throughout the UK. Built on proven technology, leveraging open standards, and highly customisable, Osprey provides cost effective real-time management tools for traffic managers and operations staff, built on the UTMC standard.

Features

• GIS-based map providing real-time view of the road network.
• Integrated intelligent transport platform, data adaptors with UTMC compliant database.
• Create, locate and update network assets and plan maintenance work.
• Monitor, maintain and assign manual and automatically reported equipment faults.
• UTMC car park management, including count data and guidance signs.
• Strategic VMS control with free text, dynamic data and pictograms.
• Integrate analogue and digital CCTV images with map display.
• Real-time and historic environmental, meteorological and air quality sensor data.
• Planned and unplanned event and incident management, including streetworks integration.
• Actions audited and logged providing full audit trail of activity.

Benefits

• Live system interfaces provide rapid sharing of critical information.
• Real-time map view enables informed decision making.
• Role-based access and permissions supports cross-organisational collaboration.
• Interactive strategies allows rapid and appropriate responses and recovery.
• Mature and well proven, low risk, and highly cost effective.
• Integrates seamlessly with UTMC components from other suppliers.
• Developed in close collaboration with real users and domain experts.
• Automated network management using comprehensive detection and intervention engines.
• Comprehensive tailored reporting, available for Gold and Silver hosting packages.
• Tailored support and enhancement packages available to match exact requirements.

£144,200 an instance

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at technology+systems@mottmac.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

111840099977822

Contact

Samantha Lottering-Geeson
+44 (0)141 222 3798
technology+systems@mottmac.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements: Approved web browser version for Web Client

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: | PRIORITY 1 requests: 1 hour ; | PRIORITY 2 requests: 2 hours ; | PRIORITY 3 requests: 4 hours; ; (during working hours)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard Support: 08:30-17:00 weekdays (excl. bank holidays) | Enhanced Support: 24x7 (by agreement) | ; ; Support costs and further details are included in our Service Description and Pricing documents. ; ; We will provide a technical project manager/account manager.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Following agreement of contract, the following onboarding process will be undertaken:; ; • Initiation of project management methodology; • Clarification session on configuration requirements held on customer premises.; • Templates provided for customer data inputs, such as user accounts, assets and map data; • Hosting setup and configuration; • Service configuration and commissioning; • Support setup ; • User training can be provided in the form of classroom-based, hands-on training. ; ; User training is provided as a half-day session at the buyer's premises. During such training, users are provided with instruction in using all aspects of the system as an end-user. Attendees are provided with electronic course materials. User training is priced as a unit of five attendees. ; ; Train-the-trainer training can be provided in the form of classroom-based, hands-on training. Train-the-trainer training is provided as a full-day session at the buyer's premises. During such training, trainers are provided with instruction in using all aspects of the system as an end-user, as well as in the underlying system principles, allowing them to confidently provide training and guidance to the ultimate end users. Attendees are provided with electronic course materials. Train-the-trainer training is priced as a unit of five attendees.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: As part of the offboarding process, Mott MacDonald will provide the customer with an extract of all customer data stored in Osprey. This will be provided in Comma Separated Value files. All hosted data will then be securely deleted from the server prior to decommissioning of the service.
• End-of-contract process: The system will be decommissioned, and an export of the data will be provided as part of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Main functionality of Osprey is available through mobile devices with variable screen sizes on both iOS and Android devices.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Customised connections are possible using XML or CORBA interfaces. Individual requirements can be discussed with the team as part of the call-off process.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: See Osprey Service Definition and Pricing documents.

Scaling

• Independence of resources: Independent cloud infrastructure is supplied for each client instance to prevent one client service affecting another. Preventative health checks and network checks are undertaken daily for each system to ensure a high level of service at all times.

Analytics

• Service usage metrics: Yes
• Metrics types: Fully audited system recording user access and all changes to data. In addition to this, users can request reports using Osprey online reporting tools directly (for Gold and Silver hosting packages).
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Azure standard on protection of data at rest, implemented by Azure. All Azure hosted services are committed to provide encryption at rest options, that we implement.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The data stored in Osprey is accessible to users through the application at any time they require. If an export is required, the data can be exported via the online reporting component (for Gold and Silver hosting packages). For more complex exports the support team can assist. A full export of the data is provided at the end of the contract as part of the offboarding process.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Service levels can be defined on a client-by-client basis as part of the call-off arrangements. Downtime windows are agreed with individual clients at suitable times. Depending on individual requirements, out of office times (evenings, weekends) can be specified.
• Approach to resilience: Resilience level is dependent on host service support selected.
• Outage reporting: Outages are reported internally to our helpdesk, who coordinate and escalate to project managers as required to liaise with client representatives.; ; Planned outages are communicated in advance to all users.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Limited access over dedicated link, enterprise or community network.; ; Username and strong password/passphrase enforcement.; ; The system supports different roles, responsibilities and permissions with respect to access to data held within the system. ; ; Accounts and roles will be assigned to individuals.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Key based authentication for server access

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV - Business Assurance
• ISO/IEC 27001 accreditation date: 03/10/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Certified Information Systems Security Professional (CISSP) staff

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Our cloud services are managed under Mott MacDonald's Information Security Management System (ISMS) which is independently audited and certified under ISO27001:2013. ; ; Project Managers are responsible for their Projects’ Security Incident Management for systems that are not connected to Group IT systems. All projects must complete an Information Security Risk Assessment (ISRA) as part of our Project Plan of Work (PPW), which must review risks and provide mitigation strategies. ; ; All serious information security incidents (actual or perceived) must be immediately reported to the Director Business Management Systems and Risk who will form a Response Team and Plan to deal with the situation.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes are documented as procedures complying with both ISO9001:2015, TickITPlus and potential security impacts through ISO27001:2013. TickITplus covers our expertise in project management, technical and advisory services in transport engineering, system integration and the development of associated software to Government, Local Authority and the Private Sector. Management and mitigation of risk is an integral part of our system and is monitored and reported through a set of mature project governance procedures designed to identify risks and mitigate against them as soon as possible.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We review newly released third party software upgrades and patches. We perform non-critical Operating System updates quarterly. Our Cyber Security specialist issues a weekly vulnerability report detailing all new threats from the Cybersecurity Infrastructure Security Agency (CISA), rated by Common Vulnerability Scoring System (CVSS) which our support team review and assess for our environment. Once complete we follow existing incident management procedures for security incidents. Where high or critical patches are identified we raise a request and, once approved, deploy to live. Our Cyber Essentials Plus accreditation requires remedial work to be undertaken within 14 days.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use a number of tools and techniques to monitor systems for signs of compromise:; ; • network penetration test scans to detect potential vulnerabilities;; • host-based intrusion detection;; • network firewall; ; • web application firewall where justified by the risk assessment; and; • comprehensive system and network monitoring using OpenNMS to detect log events and service issues.; ; We treat a potential compromise as an information security incident and respond using our Business Management System STEP procedure which details the process for dealing with an information security incident.
• Incident management type: Supplier-defined controls
• Incident management approach: External users can report incidents directly via our service desk portal or by contacting our Help Desk by phone or email. Internal users use our ServiceNow system to report information security incidents.; ; We treat a potential compromise as an information security incident and respond using our BMS STEP procedure, complying with ISO 27001, which details the process for dealing with an information security incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  PROTECTING AND IMPROVING OUR ENVIRONMENT - Mott MacDonald is an industry leader in protecting and improving the environment and providing thought leadership in the infrastructure community on creating a stable climate and prosperous net carbon zero economy. We authored the Infrastructure Carbon Review for the UK Government and co-authored the world’s first publicly-available specification on carbon management in infrastructure, PAS2080.; ; We recognise our responsibility to manage environmental risks and identify safeguarding and improvement opportunities. We have dedicated environmental specialists in areas of air quality, noise, landscape, cultural heritage, water resources and a dedicated global practice leader who draws together expertise and good practice. We know protecting the environment creates sustainable, safe communities and we have extensive experience in delivering environmental impact assessments (EIAs) to our clients to ensure projects are delivered in an environmentally responsible way. ; ; Our Business Management System supports the adoption of a single way of working across the organisation and ensures environmental considerations are incorporated into our internal work, as well as the services we provide to clients. We regularly conduct comprehensive Sustainability and Environmental Risk Assessments (SERAs) at project level. ; ; As an organisation we have made significant strides in reducing our carbon footprint and in 2022 we were the first engineering consultancy in the world to be certified as carbon neutral. We continue to make progress in line with our commitment to becoming a net zero organisation by 2040. ; ; National Highways chose our Moata Carbon Portal for the A303 Sparkford to Ilchester Scheme to assess carbon emissions from construction and to inform the scheme’s environmental impact assessment (EIA). By identifying and targeting carbon hotspots using the Portal our design solutions cut carbon emissions by 46%.; ; We establish a social value action plan and monitor commitments throughout the project lifecycle.

  Covid-19 recovery

  COLLABORATING TO BEAT COVID-19 - COVID-19 continues to drive us all to work together to help communities and businesses build confidence now and for the future.; ; Through the long-standing collaborative relationships Mott MacDonald (MM) has with our clients and partners, we’re collectively identifying things we can all do, and how to execute the best outcomes in the communities affected.; ; We share the belief that together we will build confidence by keeping our people robust, innovative and our businesses focused on sustaining infrastructure, enterprise, and social outcomes. ; ; AN ALTERNATIVE RECOVERY PLAN: As we seek to recover from COVID-19, throw off economic recession and make society resilient against future surprises we must do four things.; ; 1. Set out the most important challenges; 2. Define the desired outcomes; 3. Set clear objectives; 4. Act urgently; ; Here we share a snapshot of some of our activities and ideology: ; ; A CATALYST FOR ANTIMICROBIAL RESISTANCE (AMR) PREVENTION? Supporting the Fleming Fund’s efforts to support countries with AMR challenges has contributed to more effective responses to the COVID-19 pandemic.; ; PROTECTION FOR WORKERS: A partnerships programme managed by MM will help one million people across Africa and Asia by supporting vulnerable workers and their families through the pandemic.; ; DELIVERING INTERNATIONAL DEVELOPMENT SERVICES: Throughout the COVID-19 pandemic, MM has delivered aid-funded programmes worldwide ensuring that urgent responses are also sustainable.; ; FUTURE-PROOF DECISION-MAKING: The disruption caused by COVID-19 has made it only too clear that the future will be characterised by volatile change and uncertainty.; ; GENERATING A GREEN RECOVERY: The UK’s recovery from COVID-19 and its economic impact will be all the better if it is a green one.; ; We establish a social value action plan and monitor commitments throughout the project lifecycle.

  Tackling economic inequality

  We recognise EDI is a strategic business priority with a clearly demonstrable business case and our commitment to equality, diversity, and inclusion. We have:; ; • Achieved gold status under the National Equality Standard (NES) - the highest rating available for the highest benchmark a business can achieve for EDI good practice in the UK. ; ; • Won ‘Best Emerging Talent Strategy’ at the Firm Awards, which recognise efforts in developing and achieving a diverse talent pool. ; ; Our Corporate Social Responsibility Strategy prioritises achievement of meaningful skills and employment through provision of grant funding, volunteering, and skills transfer. ; ; SUPPORTING GROWTH OF REGIONAL BUSINESSES; ; We fully support mentoring and supporting local businesses by proactively recruiting a diverse supply chain. This benefits both small and medium-sized enterprises (SMEs) and voluntary, community and social enterprises (VCSEs). SMEs account for more than 50% of our suppliers and we are committed to building on the diversity of our supply chain. We participate in ‘Meet the Buyer’ days through our membership of Minority Suppliers Development UK Ltd, and trade shows. We require our supply chain to share similar social and environmental sustainability values and actively support them to do so. ; ; COLLABORATIVE BEHAVIOUR; ; To ensure our clients benefit from our collective knowledge and experience, we encourage collaborative behaviours with our supply chain.; ; SCALABLE SOLUTIONS; ; Our Osprey service now builds on our shared Moata environment, demonstrating our commitment to supporting scalable and future-proofed technologies.; ; MANAGING CYBER SECURITY; ; Our Cyber Essentials Plus accreditation demonstrates our commitment to applying government-backed best practice when managing online security threats.; ; PROMOTING INNOVATION; ; Giving staff opportunities to innovate creates better results for communities and new, more effective solutions for old challenges. We have an annual innovation and excellence fund to enable this. ; ; We establish a social value action plan and monitor commitments throughout the project lifecycle.

  Equal opportunity

  Mott MacDonald's common values are set out in our vision, mission, and values. A key element of the policy is RESPECT. We respect the natural environment and community in which we work, we cherish the rich diversity in the abilities and talents of all people and cultures, and treat each other with the respect we would want from others. ; ; Our EQUALITY, DIVERSITY AND INCLUSION (EDI) efforts involve a range of initiatives and actions to help us achieve:; ; • EQUALITY, by removing barriers and ensuring everyone has equal access to opportunities. ; ; • DIVERSITY, by creating a workforce which reflects the diversity of the communities we work in at all levels of the business. ; ; • INCLUSION, by meeting the varying needs of our colleagues so everybody feels engaged, respected and able to achieve their full potential. ; ; The Group EDI policy establishes responsibilities and makes clear that unfair discriminatory behaviour will result in disciplinary action. ; ; We are committed to:; ; • Making reasonable adjustments to ease any difficulties experienced by employees with disabilities in carrying out their work within its standard conditions of employment. ; ; • Ensuring that all members of staff are afforded equal opportunity when consideration is given to staff training and development. ; ; • Conducting annual pay reviews and checks to ensure pay parity between the sexes for jobs of equal market value and job holders of equal qualification, experience, and ability. ; ; • Ensuring that no job applicant or employee receives less favourable treatment, directly or indirectly, on the grounds of age, disability, caring status e.g. gender, race, colour, sexual orientation, etc.; ; • Promoting inclusion through the development of apprenticeships, work experience and similar programmes.; ; We establish a social value action plan and monitor commitments throughout the project lifecycle.

  Wellbeing

  WELLBEING is integral to our business as it affects and influences all areas of daily work. In 2016, Mott MacDonald signed the UK’s Time to Change pledge, reflecting our commitment to reduce mental health stigma and discrimination in the workplace. ; ; Our ambition is to CREATE A ‘BEST IN CLASS’ WELLBEING CULTURE, where we can collectively and individually thrive.; ; This is done by addressing the following wellbeing concerns:; ; • DEMANDS: taking account of the demands of our work; responding to individuals; matching skills and responsibilities to the job.; ; • CONTROL: encouraging the development of skills, consulting staff over work patterns; considering the pace of work and its impact.; ; • RELATIONSHIPS: creating an environment where bullying and harassment are not tolerated; preventing or resolving unacceptable behaviour.; ; • ROLE: be clear about what staff need to do; ensure staff can raise concerns.; ; • CHANGE: provide timely information; consult; understand the impact of change.; ; • SUPPORT: provide information, support, and adequate resources; practice connected conversations, coaching, and mentoring; highlight external support.; ; How do we do this ?; ; • Setting clear actionable KPIs informed by reliable reporting and leading indicators; ; • Clear governance, roles, and responsibilities; ; • Programme of investment for Mental Health First Aiders, line managers, and wellbeing champions; ; • Regular wellbeing pulse surveys; ; • Review of IT platforms: leverage technology ; ; • Employee Assistance Programme – independent, free and confidential 24/7 advice line which is answered by qualified and accredited counsellors for support on financial, legal and specific mental health support.; ; • Targeted training for managers in mental health awareness; ; • Private health care for our staff; ; We establish a social value action plan and monitor commitments throughout the project lifecycle.

Pricing

• Price: £144,200 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at technology+systems@mottmac.com. Tell them what format you need. It will help if you say what assistive technology you use.